HTTPS Mixed Content

Project ID: 1300919911

Project Name - Quote Request

Project Type

Bids

click on the view message board button to post a message for this project

Messages Posted: - You may use the message board to discuss or clarify any further details/requirements regarding this project. Price negotiations and/or direct contact with each others is not allowed including via email, AIM, chat, etc., and until a bidder has been chosen.

We are having a problem with https: security warning issues on my pain relief site. Particularly the main two pages that result in sales. It is a IE7 and IE8 problem and it is costing us sales.

When a customer reaches our home page via https://www.painreliefforpain.com, a pop-up stating that some of the content on the page may not be secure appears. This is a https problem via IE7/8. Most people read this message incorrectly and simply click off the site. The problem exists due to IE7 and IE8. This warning occurs because of "mixed content" when a Web browser references an unsecure (http) resource within our secure (https) page the message appears. It is affecting our pages at https://www.painreliefforpain.com and https://www.painreliefforpain.com/products.htm in particular.

The project is to identify and remove mixed content vulnerabilities https issues associated with these two webpages and fix the cause of the problem so that the warning is not displayed by default in IE 7 or IE 8. The only way to do this is to ensure that our HTTPS pages only access embedded resources using the HTTPS protocol. This can be done by the following steps per my research:

Programmers can use Fiddler or use a sniffer like HttpWatch that supports HTTPS and shows files being read from the browser cache.

The HttpWatch FREE Basic Edition is sufficient for this because you only need to see the URLs being accessed to identify the coding/images/forms, etc. causing the security message problem. Any HTTP resources shown in the HttpWatch window are the source of the security message problem; even if they loaded directly from the browser cache and didn't cause a network round trip; If they don't initially see any HTTP based resources, they can try refreshing the page because a non-secure image for example may have been retrieved from the IE or Firefox image cache EDIT.

Your task is to try to track down why our two pages as above cause this warning to appear using the tools as mentioned above and also you need to take a look at http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/ where certain javascript snippets that can also trigger this warning are covered.

The project is to identify which mixed content is causing the security warning pop-up and modify the above two webpages to be compatable with https so the security warning pop-up doesn't appear.

Project Type:

Applications

E-Commerce/Carts

Security

Technical Support

Other

OS-Platform:

Windows

Programming Language:

Javascript

Database Type:

None

click on the view message board button to post a message for this project

Messages Posted: 0 - You may use the message board to discuss or clarify any further details/requirements regarding this project. Price negotiations and/or direct contact with each others are not allowed including via email, AIM, chat, etc., and until a bidder has been chosen.

Programmer Bids for this project

Site Terms : Your use of this website constitutes your agreement to the terms and conditions of Programmer Bids. Any bids/quotes provided by individual freelancers, programmers, web designers and consultants on this website are not recommendations by Programmer Bids - we neither provide any quotes directly to the buyer, nor do we recommend any "specific" service provider registered on our web site. Buyers and corresponding freelancers, programmers, web developers and consultants must assume responsibility for the delivery of work and payment transactions. Programmer Bids.com only provides a buy/sell marketplace for interested buyers, freelance programmers and web designers to buy or sell programming and web development services, on our website. Please read and accept Terms & Conditions before using our service.